Definitions[edit | edit source]

Computer security[edit | edit source]

An audit trail (also audit log) is

[a] [c]hronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security relevant transaction from inception to final result.[1]
[a] record showing who has accessed an Information Technology (IT) system and what operations the user has performed during a given period.[2]
the results of monitoring each operation of subjects on objects; for example, an audit trail might be a record of all actions taken on a particularly sensitive file or a record of all users who viewed that file.[3]
[the] [p]rocess for recording (logging) a sequence of activities on a system; such as user log-ins and log-outs. More expansive audit trails would record each user’s activity in detail — what commands were issued to the systems, what records and files were accessed or modified, etc. Audit trails are a fundamental part of computer security, used to trace (albeit usually retrospectively) unauthorized users and uses. They can also be used to assist with information recovery in the event of a system failure.[4]

Criminal law[edit | edit source]

An audit trail is

[t]he use of audit procedures (e.g., tracking who is accessing the data or what data was accessed) combined with analysis of audit logs and follow-up for unauthorized or anomalous activity is essential for long-term system security and privacy.[5]

E-commerce[edit | edit source]

In electronic commerce a good audit trail can help resolve programming errors and discrepancies in the how a transaction is recorded by the parties to the transaction.

Overview (Computer security)[edit | edit source]

Audit trails are a fundamental part of computer security, used to trace (albeit usually retrospectively) unauthorized users and uses. They can also be used to assist with information recovery in the event of a system failure.[6]

"Audit trails may be used as either a support for regular system operations, or as a kind of insurance policy, or as both of these. As insurance, audit trails are maintained but are not used unless needed, such as after a system outage. As a support for operations, audit trails are used to help system administrators ensure that the system or resources have not been harmed by hackers, insiders, or technical problems."[7]

Electronic audit trails must provide a chain of custody for the secure electronic transaction that identifies sending location, sending entity, date and time stamp of receipt, and other measures used to ensure the integrity of the document. These audit trails must be sufficiently complete and reliable to validate the integrity of the transaction and to prove, a) that the connection between the sender and the recipient has not been tampered with, and b) how the document was controlled upon receipt.[8]

References[edit | edit source]

See also[edit | edit source]

Community content is available under CC-BY-SA unless otherwise noted.